US under major active cyberattack linked to Russian hackers
2020-12-17 19:25 by Philip
Tags: cyberattack, CISA, DHS
The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a warning about a major computer intrusion. CISA has determined that this threat "poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations."
CISA issued an emergency directive telling federal agencies "to immediately disconnect or power down affected SolarWinds Orion products from their network." It should be noted that even though hackers targeted software from SolarWinds, the hack is not limited to SolarWinds products.
CISA noted that the attack began around March and is still ongoing, meaning the malware placed on government computers may still be capturing valuable information. CISA also said that removing the malware will be "highly complex and challenging for organizations."
Russia's foreign intelligence service, the SVR, is believed to be responsible, according to cybersecurity experts who cite the extremely sophisticated nature of the attack. U.S. intelligence agencies have started briefing members of Congress, and according to Sen. Richard Blumenthal the information clearly pointed to Cozy Bear, a hacking group widely considered to be part of Russian foreign intelligence.
"On December 13, 2020, CISA released Emergency Directive 21-01: Mitigate SolarWinds Orion Code Compromise, ordering federal civilian executive branch departments and agencies to disconnect affected devices. Note: this Activity Alert does not supersede the requirements of Emergency Directive 21-01 (ED-21-01) and does not represent formal guidance to federal agencies under ED 21-01."
In a statement Thursday, the Department of Energy acknowledged its computer systems had been compromised, though it said "at this point" its investigation shows the malware "isolated to business networks only, and has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration."
The FBI, the Department of Homeland Security and the Office of the Director of National Intelligence announced Wednesday they have formed a special unified team, saying they will "coordinate a whole-of-government-response to this significant cyber incident."